[ This is my third attempt to add this configure option. The first
version was approved but it came too late in the development cycle.
The second version was also approved, but I had to revert it:
<https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
ALL_COMPILERFLAGS). Another change is that since r13-4536 I no longer
need to touch Makefile.def, so this patch is simplified. ]
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.
When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE. For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE. Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.
With this patch and --enable-host-pie used to configure gcc:
$ file gcc/cc1{,plus,obj,gm2} gcc/f951 gcc/lto1 gcc/cpp gcc/go1 gcc/rust1 gcc/gnat1
gcc/cc1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=98e22cde129d304aa6f33e61b1c39e144aeb135e, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=859d1ea37e43dfe50c18fd4e3dd9a34bb1db8f77, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1obj: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1964f8ecee6163182bc26134e2ac1f324816e434, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1gm2: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a396672c7ff913d21855829202e7b02ecf42ff4c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/f951: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=59c523db893186547ac75c7a71f48be0a461c06b, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/lto1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=084a7b77df7be2d63c2d4c655b5bbc3fcdb6038d, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cpp: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3503bf8390d219a10d6653b8560aa21158132168, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/go1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=988cc673af4fba5dcb482f4b34957b99050a68c5, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/rust1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b6a5d3d514446c4dcdee0707f086ab9b274a8a3c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/gnat1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bb11ccdc2c366fe3fe0980476bcd8ca19b67f9dc, for GNU/Linux 3.2.0, with debug_info, not stripped
I plan to add an option to link with -Wl,-z,now.
Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
--enable-host-pie as well as without --enable-host-pie. Also tested
on a Debian system where the system gcc was configured with
--enable-default-pie.
Co-Authored by: Iain Sandoe <iain@sandoe.co.uk>
ChangeLog:
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
* configure: Regenerate.
c++tools/ChangeLog:
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
Use pic/libiberty.a if PICFLAG is set.
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
(--enable-host-pie): New check.
* configure: Regenerate.
fixincludes/ChangeLog:
* Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic"
build of libiberty if PICFLAG is set.
* configure.ac:
* configure: Regenerate.
gcc/ChangeLog:
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-pie.
gcc/ada/ChangeLog:
* gcc-interface/Make-lang.in (ALL_ADAFLAGS): Remove NO_PIE_CFLAGS. Add
PICFLAG. Use PICFLAG when building ada/b_gnat1.o and ada/b_gnatb.o.
* gcc-interface/Makefile.in: Use pic/libiberty.a if PICFLAG is set.
Remove NO_PIE_FLAG.
gcc/m2/ChangeLog:
* Make-lang.in: New var, GM2_PICFLAGS. Use it.
gcc/d/ChangeLog:
* Make-lang.in: Remove NO_PIE_CFLAGS.
intl/ChangeLog:
* Makefile.in: Use @PICFLAG@ in COMPILE as well.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libcody/ChangeLog:
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
libcpp/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libdecnumber/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libiberty/ChangeLog:
* configure.ac: Also set shared when enable_host_pie.
* configure: Regenerate.
zlib/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
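A check for the property the `file` output above reports, written as an added example for this log rather than GCC or libcody code: it classifies an ELF64 image as a fixed-address executable, a PIE, or a shared object. Distinguishing a PIE from a shared object by the presence of a PT_INTERP program header is this example's own heuristic (a static-pie has none and would show up as a shared object), and the sample image is constructed inline as a stand-in for a real binary such as gcc/cc1.

```c
#include <elf.h>
#include <stddef.h>
#include <string.h>

enum elf_kind { ELF_INVALID, ELF_EXEC, ELF_PIE, ELF_SHARED_OBJECT };

/* Classify an in-memory ELF64 image the way `file` reports it: a PIE is
   ET_DYN like a shared library but carries a PT_INTERP header (heuristic). */
enum elf_kind classify_elf64(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh; Elf64_Phdr ph;
    if (len < sizeof eh)
        return ELF_INVALID;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return ELF_INVALID;
    if (eh.e_type == ET_EXEC)
        return ELF_EXEC;                    /* fixed load address: not PIE */
    if (eh.e_type != ET_DYN || eh.e_phentsize < sizeof ph)
        return ELF_INVALID;                 /* ET_REL/ET_CORE, or a bad table */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        size_t off = (size_t)eh.e_phoff + (size_t)i * eh.e_phentsize;
        if (off + sizeof ph > len)
            return ELF_INVALID;             /* truncated program header table */
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type == PT_INTERP)
            return ELF_PIE;
    }
    return ELF_SHARED_OBJECT;
}

/* Constructed sample (stand-in for a real binary such as gcc/cc1): one
   header plus one program header, optionally truncated, then classified. */
enum elf_kind classify_sample(Elf64_Half e_type, int with_interp, size_t truncate_to)
{
    unsigned char buf[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    Elf64_Ehdr eh = {{0}};
    Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_type = e_type;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = 1;
    ph.p_type = with_interp ? PT_INTERP : PT_LOAD;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return classify_elf64(buf, truncate_to ? truncate_to : sizeof buf);
}
```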
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.
When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE. For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE. Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.
I plan to add an option to link with -Wl,-z,now.
ChangeLog:
* Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and
isl.
* Makefile.in: Regenerate.
* Makefile.tpl: Set PICFLAG.
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
* configure: Regenerate.
c++tools/ChangeLog:
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
Use pic/libiberty.a if PICFLAG is set.
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
(--enable-host-pie): New check.
* configure: Regenerate.
fixincludes/ChangeLog:
* Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic"
build of libiberty if PICFLAG is set.
* configure.ac:
* configure: Regenerate.
gcc/ChangeLog:
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-pie.
gcc/d/ChangeLog:
* Make-lang.in: Remove NO_PIE_CFLAGS.
intl/ChangeLog:
* Makefile.in: Use @PICFLAG@ in COMPILE as well.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libcody/ChangeLog:
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
libcpp/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libdecnumber/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libiberty/ChangeLog:
* configure.ac: Also set shared when enable_host_pie.
* configure: Regenerate.
zlib/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
Two non-portable shell constructs have been long present in libcody's
build rule for revision.stamp: $() instead of ``, and += to append to
a shell variable. The former seems to work even when bash is
operating as /bin/sh, but += doesn't, and it ends up trying to run
revision+=M as a command name, and issuing an error as that command is
(hopefully) not found.
This patch replaces both constructs with more portable ones.
for libcody/ChangeLog
* Makefile.in (revision.stamp): Replace $() and += with more
portable shell constructs.
The getaddrinfo() call requires either a non-null name for the server or
a port service / number. In the code that opens a connection we have
been calling this with a dummy port number of "0". Unfortunately this
triggers a bug in some BSD versions and OSes importing that code.
In this part of the code we do not really need a port number, since it
is not reasonable to open a connection to an unspecified host.
Setting the hints info field to 0 and the servname parm to nullptr works
around the BSD bug in this case.
Signed-off-by: Iain Sandoe <iain@sandoe.co.uk>
libcody/ChangeLog:
* netclient.cc (OpenInet6): Do not provide a dummy port number
in the getaddrinfo() call.
If the listen call fails then 'goto fail' will jump to that label and
use freeaddrinfo again. Set the pointer to null to prevent that.
libcody/ChangeLog:
* netserver.cc (ListenInet6): Set pointer to null after
deallocation.
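The two libcody fixes above, the servname-less getaddrinfo() call from netclient.cc and the null-after-free from netserver.cc, combined in a small resolver helper written as an added example (not libcody's code). All names are mine; AI_NUMERICHOST is set only so the lookup runs offline, where the fix described above uses a hints flags field of 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

struct resolve_state {
    struct addrinfo *res;   /* NULL whenever no list is owned */
    int frees;              /* how many times freeaddrinfo() actually ran */
};

/* Free the list at most once and drop the dangling pointer (the
   netserver.cc fix), so a later cleanup on an error path is a no-op. */
static void release(struct resolve_state *st)
{
    if (st->res != NULL) {
        freeaddrinfo(st->res);
        st->res = NULL;
        st->frees++;
    }
}

/* Resolve HOST with servname NULL (the netclient.cc fix: a host is given,
   so no dummy "0" port).  SETUP_FAILS stands in for socket()/listen() failing
   after the list was released.  Returns 0 or -1; st->res is NULL either way. */
int resolve_and_setup(const char *host, int setup_fails, struct resolve_state *st)
{
    struct addrinfo hints;
    st->res = NULL;
    st->frees = 0;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;    /* numeric hosts only: no DNS, runs offline */
    if (getaddrinfo(host, NULL, &hints, &st->res) != 0)
        goto fail;
    release(st);        /* list no longer needed once the socket is set up */
    if (setup_fails)
        goto fail;      /* the original bug: this path freed the list a second time */
    return 0;
fail:
    release(st);        /* harmless now: res is already NULL */
    return -1;
}

/* Constructed scenarios for the test; `last` holds the most recent run. */
static struct resolve_state last;
int scenario(const char *host, int setup_fails) { return resolve_and_setup(host, setup_fails, &last); }
int scenario_frees(void) { return last.frees; }
int scenario_dangling(void) { return last.res != NULL; }
```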
2021-01-06 John David Anglin <danglin@gcc.gnu.org>
libcody/ChangeLog:
PR bootstrap/98506
* resolver.cc: Only use fstatat when _POSIX_C_SOURCE >= 200809L.
libcody's testsuite is not very portable, and is testing a host
library, so will do weird things on cross compiling, I think. Let's
just drop it.
libcody/
* Makefile.in (LDFLAGS): Drop -L..
* tests/01-serialize/connect.cc: Delete.
* tests/01-serialize/decoder.cc: Delete.
* tests/01-serialize/encoder.cc: Delete.
* tests/02-comms/client-1.cc: Delete.
* tests/02-comms/pivot-1.cc: Delete.
* tests/02-comms/server-1.cc: Delete.
* tests/Makesub.in: Delete.
* tests/jouster: Delete.
Fix some more system-specific issues. Not everyone's C++11 is the same :(
PR bootstrap/98412
libcody/
* client.cc: Include cstdlib.
* server.cc: Include cstdlib.
gcc/cp/
* mapper-client.cc: INCLUDE_STRING, INCLUDE_VECTOR.
(module_client::open_module_client): Avoid std::stoul.
* mapper-resolver.cc: INCLUDE_STRING, INCLUDE_VECTOR.
libcody as originally added to GCC fails to build on *-unknown-freebsd11.4
and presumably others:
c++ -std=c++11 -g -include config.h -I ... -MMD -MP -MF netclient.d -c
-o netclient.o
.../libcody/netclient.cc:114:3: error: unknown type sockaddr_in6 addr;
^~~~~~~~~~~~
sockaddr_in6 is declared in /usr/include/netinet6/in6.h,
which is included by /usr/include/netinet/in.h.
Indeed, per https://man7.org/linux/man-pages/man7/ipv6.7.html
#include <sys/socket.h>
#include <netinet/in.h>
should be included, and our own gcc/ada/gsocket.h also has
#if !(defined (VMS) || defined (__MINGW32__))
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
:
#endif
libcody/ChangeLog:
2020-12-21 Gerald Pfeifer <gerald@pfeifer.com>
* netserver.cc: Include <netinet/in.h>.
While this doesn't fix 98324, it was an omission. Cribbed code from
libcpp to build libcody as PIC.
libcody/
* configure.ac: Add --enable-host-shared.
* Makefile.in: Add FLAGPIC.
* configure: Regenerated.
This asm was a useful place for gdb to drop a breakpoint and make it
clear where you were when debugging. I took a punt that 'surely every
arch has a nop instruction'. Well, no, some apparently have nops with
operands (what, do nothing harder? :)
libcody/
* fatal.cc (HCF): Remove nop breakpoint lander.
Rather than early-include sys/socket.h, let's allow the includer to
tell cody no networking.
libcody/
* cody.hh: Allow user to set CODY_NETWORKING.
gcc/cp/
* mapper-resolver.cc: Remove early include of
sys/socket.h. Specify no CODY_NETWORKING instead.
* module.cc: Specify no CODY_NETWORKING.
> The -enable-checking configure code in libcody didn't play well with
> us. This just uses libcpp's configurey for that piece.
This doesn't set is_release anywhere, which means when --enable-checking*
or --disable-checking isn't specified, it always treats it as
--enable-checking=yes, while the normal gcc behavior is to treat only trunk
as --enable-checking=yes and treat release branches as
--enable-checking=release by default.
On the other side, nothing uses those ac_assert_checking and
ac_valgrind_checking variables, so it is a waste to compute those.
2020-12-16 Jakub Jelinek <jakub@redhat.com>
* configure.ac: Compute is_release.
(NMS_ENABLE_CHECKING): Simplify by not computing ac_assert_checking
and ac_valgrind_checking, which the code doesn't use.
* configure: Regenerated.
Before CWG DR 1955 the controlling expression for an #elif must be
syntactically correct, meaning this won't compile with C++11 compilers
such as gcc 4.8:
The solution is to define __has_include(X) as 0 for compilers that don't
support it.
The second problem is that when <source_location> is found, it is used
without the std:: qualification.
libcody/ChangeLog:
* internal.hh: Define fallback macros for __has_builtin and
__has_include. Use __has_builtin for __builtin_FILE and
__builtin_LINE. Define alias for std::source_location.
The -enable-checking configure code in libcody didn't play well with
us. This just uses libcpp's configurey for that piece.
libcody/
* configure.ac: Use libcpp's enable-checking code.
* configure: Rebuilt.